Chal2 – Easy Unpack Challenge

Posted: January 26, 2016 in Chal2. Easy Unpack Challenge
Tags:

Load Easy_UnpackMe to OllyDBG, scroll down to find JMP instruction:

Krchal21

Figure 1

Set BP at 0040A1FB - E9 506FFFFF     jmp     Easy_Unp.00401150, press F9 to run. Stop at BP, press F8 to trace over, we get the OEP is 0x00401150:

Krchal22

Figure 2

Anotherway to find OEP is to set BP at GetVersion API:

Krchal23

Figure 3

End.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s